Monday, December 19, 2016

"Harm"

I've spent nearly three years reading policy papers in cyber security, which is a SMALL community, every conference has the same names. And most papers talk about how to classify the problem and map it to existing problems and then use existing solutions. The GOOD papers, (Danzig and Gary) tend to argue the opposite. They are darker, and more painful to read, but also more true and likely to point ways to actual solutions that work.

"Put Simply"

Another thing to watch out for is quick divisions into "phases" of operations. These are vast oversimplifications for the purpose of communicating one particular concept, but you see papers steal classification phases and then run with them as if they are useful in other contexts, which they never are.

Likewise, often the papers that are cited don't support the arguments in the paper, which I always find weird and upsetting, like I'm being cheated by getting a Caribbean lobster instead of a Maine lobster at a restaurant.

11) Dept of Commerce blathers on about stuff unrelated to this paper. This concept needs better support.

The conclusion isn't hard enough on what defines an "activity"

Lots of good reasons to establish presence on SCADA boxes other than direct CNA...